CVE-2024-6591 – The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized …

27 July 2024

Vuln ID: CVE-2024-6591

Published: 2024-07-27 02:15:12.330

Description: The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the ‘send_auction_email_callback’ and ‘resend_auction_email_callback’ functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.

Base Score: 5.8 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

27 July 2024

Categorie(s):

NVD

Tag(s):

NVD

Sinister SpyAgent Android Malware Uses Optics To Crack Your Crypto Wallet7 September 2024
Despite cyberattacks, water security standards remain a pipe dream7 September 2024
Hackers Threaten to Leak Planned Parenthood Data7 September 2024
Protect AI Democratizes AI Security Training with Free MLSecOps Foundations Online Learning Course 7 September 2024
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams7 September 2024